CA SSO : WAMUI Related Queries

I have changed the password of the account which is used to connect to the policy store. I have updated the credentials in smconsole and restarted the policy server. The Webagent and policy server are working fine. But, while starting the WAMUI, the SiteMinder environment is not getting started and I could see an 'Invalid Credentials' error message in the logs.

If I revert the changes to the old password, I am not getting any error while starting WAMUI.

1) Can someone please let me know if I need to update the password in any other place as well? How will WAMUI know the policy store credentials? Where will it store these credentials?

2) If I add more than one policy server connection to the existing WAMUI, how will the handshake happen between WAMUI and the additional policy server, as the file generated by XPSRegClient is getting removed automatically after the registration in WAMUI? I could see that the Trusted Host object and Admin object are getting created in the Policy Store. But in which file will the shared secret details be saved on the policy server side? It would be better if someone can explain this flow in detail.

Note: If you do not know the data source name, you can locate all deployed data sources in the standalone-full.xml file. The path to this file is administrative_ui_home\siteminder\adminui\standalone\configuration.

Enter the user name and press Enter. The utility prompts you for the user password.

Enter the password and press Enter. The utility prompts you to verify the new data source credentials and verify that they can be updated.

Type y and press Enter to confirm the new data source credentials. The utility updates the data source. The utility prompts you to restart the Administrative UI service.

Type y and press Enter to use the utility to restart the Administrative UI service and deploy the updated data source. Alternatively, type n and press Enter to start the Administrative UI service manually. The data source is deployed when the service is started.

For your second part of the question, let's spin off a new thread as that is unrelated to the first question.

The first question is strange; usually the admin UI does not correlate to the policy store connection account.

That account information is stored in a registry file, not in the policy store at all.

Maybe you have a report server or audit server connection that somehow shares the same account?

Something was missing in the use case description. You can also search the entire policy store export XML file for the account.

When XPSRegClient is called, the SiteMinder admin needs to complete the registration by going through the admin UI and logging in with id/pass/ui_name; this removes the temp record in the policy server and creates a permanent record in the policy store.

Every registered and working UI has a trusted host record in the store, like hostname__0 (Generated by XPSRegClient).

The same record is used for the next login attempt.

Because it is a trusted host, the handshake will happen for each UI login respectively.

Thanks for your response. As usual, you are absolutely correct. We are using the same account to connect to the policy store and the external Admin store. The issue has been resolved after executing smjndisetup.sh; I have one query though.

Where will these username and password details (to connect to the external Admin store) be stored, as I could see that the CADirectory xml file (which is in the ../siteminder/directories/ folder) is not getting updated even after executing the smjndisetup.sh script?

Note: I have even tried changing the user (to connect to the external Admin store), but the CADirectory xml file was still not updated.

Regarding my second query, as per your suggestion, I have created a new thread.